CVE-2006-4965

Published: 25/09/2006 Updated: 17/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Apple QuickTime 7.1.3 Player and Plug-In allows remote malicious users to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.

Vulnerable Product

apple quicktime 7.1.3

Vendor Advisories

Mozilla Foundation Security Advisory 2007-28: Code execution via QuickTime Media-link files
Announced: September 18, 2007
Reporter: Petko D. Petkov
Impact: Critical
Products: Firefox
Fixed in: ...

Exploits

source: www.securityfocus.com/bid/20138/info

Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (qtl). An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Although this we ...